Your browser does not support JavaScript!
http://iet.metastore.ingenta.com
1887

access icon free Weak keys of the full MISTY1 block cipher for related-key amplified boomerang cryptanalysis

  • Author(s): Jiqiang Lu 1 ; Wun-She Yap 2, 3 ; Yongzhuang Wei 4, 5
    • View affiliations
  • Source: Volume 12, Issue 5, September 2018, p. 389 – 397
    DOI:  10.1049/iet-ifs.2017.0173 , Print ISSN 1751-8709, Online ISSN 1751-8717
© The Institution of Engineering and Technology
Received 21/04/2017, Accepted 02/01/2018, Revised 16/11/2017, Published 04/01/2018

The MISTY1 block cipher has a 64-bit block size, a 128-bit master key, and a total of 8 rounds. It is an ISO international standard, a Japanese CRYPTREC-recommended e-government cipher, and a European NESSIE selected cipher. In this study, the authors show another cryptographic weakness of the full MISTY1 cipher: they describe four classes of weak keys of the full MISTY1 cipher for a related-key amplified boomerang attack that has a data complexity of chosen plaintexts and a time complexity of encryptions under each class of weak keys. The result shows that the MISTY1 cipher can be distinguishable from an ideal cipher in terms of related-key amplified boomerang cryptanalysis, and users should be very careful when using MISTY1 for a full security in relevant application situations.

Inspec keywords: public key cryptography; ISO standards; private key cryptography

Other keywords: Japanese CRYPTREC-recommended e-government cipher; 260.5 chosen plaintexts; 290 weak keys; time complexity; cryptographic weakness; related-key amplified boomerang cryptanalysis; full MISTY1 block cipher; master key; 287.33 encryptions; ISO international standard; block size; European NESSIE selected cipher; data complexity

Subjects: Data security; Cryptography

References

    1. 1)
      • 9. Kühn, U.: ‘Improved cryptanalysis of MISTY1’. Int. Workshop on Fast Software Encryption 2002, 2002 (LNCS, 2365), pp. 6175.
    2. 2)
      • 38. Dunkelman, O., Keller, N., Shamir, A.: ‘A practical-time related-key attack on the KASUMI cryptosystem used in GSM and 3G telephony’. CRYPTO 2010, 2010 (LNCS, 6223), pp. 393410.
    3. 3)
      • 26. Bar-On, A.: ‘Improved higher-order differential attacks on MISTY1’. Int. Workshop on Fast Software Encryption 2015, 2015 (LNCS, 9054), pp. 2847.
    4. 4)
      • 43. Lu, J.: ‘Cryptanalysis of block ciphers’. PhD thesis, University of London, UK, 2008.
    5. 5)
      • 39. Tsunoo, Y., Saito, T., Nakashima, H., et al: ‘Higher order differential attack on 6-round MISTY1’, IEICE Trans. Fundam. Electron. Commun. Comput. Sci., 2009, 92-A, pp. 310.
    6. 6)
      • 45. Lu, J., Kim, J.: ‘Attacking 44 rounds of the SHACAL-2 block cipher using related-key rectangle cryptanalysis’, IEICE Trans. Fundam. Electron. Commun. Comput. Sci., 2008, E91-A, pp. 25882596.
    7. 7)
      • 28. Todo, Y.: ‘Integral cryptanalysis on full MISTY1’, J. Cryptol., 2017, 30, pp. 920959.
    8. 8)
      • 30. Lu, J., Yap, W.S., Wei, Y.: ‘Weak keys of the full MISTY1 block cipher for related-key cryptanalysis’. Report 2012/066, IACR Cryptology ePrint Archive, 2012.
    9. 9)
      • 44. Lu, J., Kim, J., Keller, N., et al: ‘Improving the efficiency of impossible differential cryptanalysis of reduced Camellia and MISTY1’. CT-RSA 2008, 2008 (LNCS, 4964), pp. 370386.
    10. 10)
      • 37. Biham, E., Dunkelman, O., Keller, N.: ‘A related-key rectangle attack on the full KASUMI’. ASIACRYPT 2005, 2005 (LNCS, 3788), pp. 443461.
    11. 11)
      • 2. Cryptography Research and Evaluatin Committees (CRYPTREC): ‘CRYPTREC report 2002’, 2003.
    12. 12)
      • 35. 3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, 3G Security, Specification of the 3GPP Confidentiality and Integrity Algorithms; Document 2: KASUMI Specification, V3.1.1, 2001.
    13. 13)
      • 29. Bar-On, A., Keller, N.: ‘A 270 attack on the full MISTY1’. CRYPTO 2016, 2016 (LNCS, 9814), pp. 435456.
    14. 14)
      • 6. Biham, E., Biryukov, A., Shamir, A.: ‘Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials’. EUROCRYPT 1999, 1999 (LNCS, 1592), pp. 1223.
    15. 15)
      • 42. Murphy, S.: ‘The return of the cryptographic boomerang’, IEEE Trans. Inf. Theory, 2011, 57, pp. 25172521.
    16. 16)
      • 15. Hong, S., Kim, J., Lee, S., et al: ‘Related-key rectangle attacks on reduced versions of SHACAL-1 and AES-192’. Int. Workshop on Fast Software Encryption 2005, 2005 (LNCS, 3557), pp. 368383.
    17. 17)
      • 41. Kim, J., Hong, S., Preneel, B., et al: ‘Related-key boomerang and rectangle attacks: theory and experimental analysis’, IEEE Trans. Inf. Theory, 2012, 58, pp. 49484966.
    18. 18)
      • 17. Sun, X., Lai, X.: ‘Improved integral attacks on MISTY1’. Int. Workshop on Selected Areas in Cryptography 2009, 2009 (LNCS, 5867), pp. 266280.
    19. 19)
      • 3. New European Schemes for Signatures, Integrity, and Encryption (NESSIE): ‘Final report of European project IST-1999-12324’, 2004.
    20. 20)
      • 12. Lai, X.: ‘Higher order derivatives and differential cryptanalysis’, in Blahut, R.E., Costello, D.R.Jr., Maurer, U., et al (Eds.): ‘Communications and cryptography: two-sides of one tapestry’ (Kluwer Academic Publisher, Dordrecht, Netherlands, 1994), pp. 227233.
    21. 21)
      • 32. Wagner, D.: ‘The boomerang attack’. Int. Workshop on Fast Software Encryption 1999, 1999 (LNCS, 1636), pp. 156170.
    22. 22)
      • 40. Lai, X., Massey, J.L., Murphy, S: ‘Markov ciphers and differential cryptanalysis’. EUROCRYPT 1991, 1991 (LNCS, 547), pp. 1738.
    23. 23)
      • 21. Biham, E.: ‘New types of cryptanalytic attacks using related keys’. EUROCRYPT 1993, 1993 (LNCS, 765), pp. 398409.
    24. 24)
      • 1. Matsui, M.: ‘New block encryption algorithm MISTY’. Int. Workshop on Fast Software Encryption 1997, 1997 (LNCS, 1267), pp. 5468.
    25. 25)
      • 24. Lu, J., Yap, W.S., Wei, Y.: ‘Weak keys of the full MISTY1 block cipher for related-key differential cryptanalysis’. CT-RSA 2013, 2013 (LNCS, 7779), pp. 389404.
    26. 26)
      • 14. Biham, E., Dunkelman, O., Keller, N.: ‘Related-key boomerang and rectangle attacks’. EUROCRYPT 2005, 2005 (LNCS, 3494), pp. 507525.
    27. 27)
      • 20. Dai, Y., Chen, S.: ‘Weak key class of MISTY1 for related-key differential attack’. INSCRYPT 2011, 2012 (LNCS, 7537), pp. 227236.
    28. 28)
      • 16. Kim, J., Kim, G., Hong, S., et al: ‘The related-key rectangle attack – application to SHACAL-1’. ACISP 2004, 2004 (LNCS, 3108), pp. 123136.
    29. 29)
      • 27. Todo, Y.: ‘Integral cryptanalysis on full MISTY1’. CRYPTO 2015, 2015 (LNCS, 9215), pp. 413432.
    30. 30)
      • 5. Dunkelman, O., Keller, N.: ‘An improved impossible differential attack on MISTY1’. ASIACRYPT 2008, 2008 (LNCS, 5350), pp. 441454.
    31. 31)
      • 19. Chen, S., Dai, Y.: ‘Related-key amplified boomerang attack on 8-round MISTY1’. CHINACRYPT 2011, 2011, pp. 714.
    32. 32)
      • 13. Lee, S., Kim, J., Hong, D., et al: ‘Weak key classes of 7-round MISTY 1 and 2 for related-key amplied boomerang attacks’, IEICE Trans. Fundam. Electron. Commun. Comput. Sci., 2008, 91-A, pp. 642649.
    33. 33)
      • 36. Biryukov, A., Khovratovich, D.: ‘Related-key cryptanalysis of the full AES-192 and AES-256’. ASIACRYPT 2009, 2009 (LNCS, 5912), pp. 118.
    34. 34)
      • 10. Tsunoo, Y., Saito, T., Shigeri, M., et al: ‘Higher order differential attacks on reduced-round MISTY1’. ICISC 2008, 2009 (LNCS, 5461), pp. 415431.
    35. 35)
      • 31. Kelsey, J., Kohno, T., Schneier, B.: ‘Amplified boomerang attacks against reduced-round MARS and Serpent’. 7th Fast Software Encryption Workshop 2000, 2001 (LNCS, 1978), pp. 7593.
    36. 36)
      • 33. Biham, E., Shamir, A.: ‘Differential cryptanalysis of DES-like cryptosystems’, J. Cryptol., 1991, 4, pp. 372.
    37. 37)
      • 23. Knudsen, L.R.: ‘Cryptanalysis of LOKI91’. ASIACRYPT 1992, 1993 (LNCS, 718), pp. 196208.
    38. 38)
      • 18. Knudsen, L.R., Wagner, D.: ‘Integral cryptanalysis’. Int. Workshop on Fast Software Encryption 2002, 2002 (LNCS, 2365), pp. 112127.
    39. 39)
      • 8. Kühn, U.: ‘Cryptanalysis of reduced-round MISTY’. EUROCRYPT 2001, 2001 (LNCS, 2045), pp. 325339.
    40. 40)
      • 22. Kelsey, J., Schneier, B., Wagner, D.: ‘Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES’. CRYPTO 1996, 1996 (LNCS, 1109), pp. 237251.
    41. 41)
      • 34. National Institute of Standards and Technology (NIST): ‘Advanced encryption standard (AES), FIPS-197’, 2001.
    42. 42)
      • 25. Tsunoo, Y., Saito, T., Kawabata, T., et al: ‘Finding higher order differentials of MISTY1’, IEICE Trans. Fundam. Electron. Commun. Comput. Sci., 2012, 95-A, pp. 10491055.
    43. 43)
      • 7. Knudsen, L.R.: ‘DEAL – a 128-bit block cipher’. Technical report, Department of Informatics, University of Bergen, 1998.
    44. 44)
      • 4. International Standardization of Organization (ISO): ‘Int. standard – ISO/IEC 18033-3, information technology – security techniques – encryption algorithms – part 3: block ciphers’, 2005.
    45. 45)
      • 11. Knudsen, L.R.: ‘Truncated and higher order differentials’. Int. Workshop on Fast Software Encryption 1994, 1995 (LNCS, 1008), pp. 196211.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2017.0173
Loading

Related content

content/journals/10.1049/iet-ifs.2017.0173
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
Print this page
This is a required field
Please enter a valid email address